Environment

Situation

Users want to be able to log in on multiple machines by using a Windows password stored in eDirectory / SecretStore.

Resolution

In Novell Client for Windows 7, the "Single Sign-On" feature implemented by NMAS does not utilize SecretStore.

If the expectation is "I should be able to save my Windows password via Single Sign-On on Machine A, and then go log in on Machine B and be able to transparently log in to Windows because my Windows password will be retrieved from eDirectory or SecretStore", this is NOT going to be true on the Novell Client for Windows 7 implementation of "Single Sign-On".

On Novell Client for Windows XP/2003 it could work either way. If SecretStore was available on the eDirectory server(s), the secret would be saved to the server-side SecretStore service. But if SecretStore was not available, the secret would be saved to the local workstation only. So whether the "Machine A and Machine B" scenario worked on Windows XP/2003 depended on whether the SecretStore API was able to communicate with a server-side SecretStore service, or had to fall back to encrypting and saving the secret locally on the workstation.

On Novell Client for Windows 7, NMAS is always in the latter "encrypt and save on local workstation" case.
